At this point in time we are accepting recommendations, suggestions and new features.  However, we do not have any planned updates for the remainder of the fiscal year.  We are going through our FY12 planning and CAT.NET is on the list of requests for next year.  We will know by the end...

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...

Syed Aslam Basha here. I am a tester on the Information Security Tools Team responsible for testing CAT.NET. You can download the current Beta of CAT.NET 2.0 from https://connect.microsoft.com/site734/Downloads/DownloadDetails.aspx?DownloadID=26086&wa=wsignin1.0 * You must have Visual studio 2010...

Mark Curphey here… Please to announce a beta of the upcoming CAT.NET 2.0. This beta program will last for approximately 1 month.  The final released version is scheduled to release shortly after VS 2010 RTM.   The goal of this beta program is to garner feedback from the user community...

RV here... Our pre alpha release included a command line tool showcasing newer version of CAT.NET based on tainted data flow analysis engine using Phoenix compiler infrastructure. It also included a configuration analysis engine which was capable of identifying insecure configuration in .config files...

Syed Aslam Basha here. I am a tester on the Information Security Tools team responsible for testing CAT.NET v2.0. As the installer name suggests CATNETV20CMD, CAT.NET V2.0 CTP is command line version only. CAT.NET v2.0 CTP analyses assemblies for vulnerabilities and configuration files for misconfigurations...

Maqbool Malik here… One of the most significant update to CAT.NET in v2.0 is the addition of a configuration engine. The goal of the engine is to identify insecure configuration at all layers of the application (configuration files, code level configuration, etc.) which should be remediated prior to...

RV here... With the new build of CAT.NET available on connect.microsoft.com you must have noticed that the new version includes only a command line tool. We we will be releasing the Visual Studio rules as part of Beta1 release. So lets look at how we can use the command line version to analyze binaries...

RV here... Last year we developed an internal tool to review servers for security configuration issues. Microsoft offers several enterprise options for doing this such as Systems Center Configuration Manager but the requirements were for a lightweight stand-alone tool focused towards developers and testers...

Andreas Fuchsberger here….. Within the Information Security Tools Group we are now really getting into a redesign of our popular Code Analysis Tool for .NET (CAT.NET). One of the biggest challenges we have is to redesign the engine so that it no longer suffers from an out of memory condition when analyzing...

Mark Curphey here......( @curphey on Twitter) There is a stack of new interesting videos and posts related to the software security tools we build that I found this week. Ben Livshits video on the architecture of CAT.NET here RV talking about TAM 3.0 here Helen Wang on Gazelle, a Microsoft Research browser...

Syed Aslam Basha here…..I am a tester on the Information Security Tools team. There is a new build of CAT.NET Version 1.1.1.9 now available for download on MSDN ( 32 bit here and 64 bit here ). We recommend *ALL* users upgrade to this latest release, a bug fix and minor improvements build. As well as...

Mark Curphey here (Follow me using @curphey on Twitter ). June is a busy time of year around MSFT. For most teams you have a pretty good idea about your budget for the next year (July – July) and the end of year performance review cycle kicks in. You spend most of your time in retrospective of the last...

Syed Aslam Basha here. I am a tester on the Information Security Tools team and responsible for testing CAT.NET. You can run CAT.NET as; A Visual studio add-in From Command prompt As an FXCop rule Lastly, integrated into VSTF Team build as an MSBuild custom task Here am going to describe using CAT.NET...

We are planning a complete re-write of the core CAT.NET engine starting July 1st to get a scalable engine from which we can build on. Building graphs from code is “expensive” hence the OOM issues with the current version. We do it all in memory.. doh! Lot’s of cool features / improvements will be added...